BleepingComputer.com: Tidserv/TDSS Infection leftovers


Tidserv/TDSS Infection leftovers: I cleaned most of it already...

#16 gringo_pr

  • Bleepin Gringo
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender: Male
  • Location: Puerto Rico
Posted 23 June 2011 - 03:59 PM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later

  • Please post the contents of OTListIt.txt in your next reply.

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

#17 jorgenpr

  • New Member
  • Group: Members
  • Posts: 11
  • Joined: 16-June 11

Posted 23 June 2011 - 04:18 PM

I have included the contents of OTL.txt.

Are we looking at likely needing to wipe and reload this computer at this point? I am approaching the end of a fairly large project and a reimage, though not ideal, would be possible at that point.

OTL logfile created on: 6/23/2011 3:06:23 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\jorgenpr\Downloads
Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 1.65 Gb Available Physical Memory | 47.68% Memory free
6.90 Gb Paging File | 4.95 Gb Available in Paging File | 71.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.54 Gb Total Space | 20.12 Gb Free Space | 13.64% Space Free | Partition Type: NTFS

Computer Name: USSLC-JORGENPR | User Name: JorgenPR | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\jorgenpr\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
PRC - C:\Program Files\WebDrive\wdService.exe (South River Technologies, LLC)
PRC - C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
PRC - C:\Users\jorgenpr\AppData\Local\CrossLoop\CrossLoopService.exe (CrossLoop Inc)
PRC - C:\Program Files\Juniper Networks\Network Connect 6.5.0\dsNetworkConnect.exe (Juniper Networks)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Users\jorgenpr\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe (Juniper Networks)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)
PRC - C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe (Aladdin Knowledge Systems, Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\mmc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Unisys\UCLaunch\UCLaunch.exe (Unisys Corporation)
PRC - C:\Program Files\Courion Corporation\DIRECT! CP\direct.exe (Courion Corporation)
PRC - C:\Program Files\Courion Corporation\DIRECT! CP\CourClientSvr.exe (Courion Corporation)
PRC - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe (Juniper Networks)


========== Modules (SafeList) ==========

MOD - C:\Users\jorgenpr\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (WebDriveService) -- C:\Program Files\WebDrive\wdService.exe (South River Technologies, LLC)
SRV - (CrossLoopService) -- C:\Users\jorgenpr\AppData\Local\CrossLoop\CrossLoopService.exe (CrossLoop Inc)
SRV - (tvnserver) -- C:\Users\jorgenpr\AppData\Local\CrossLoop\tvnserver.exe (GlavSoft LLC.)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_111ae7bb7f222578\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (eTSrv) -- C:\Program Files\Aladdin\eToken\PKIClient\x32\eTSrv.exe (Aladdin Knowledge Systems, Ltd.)
SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\windows\System32\CCM\TSManager.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CourClientSvr) -- C:\Program Files\Courion Corporation\DIRECT! CP\CourClientSvr.exe (Courion Corporation)
SRV - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
SRV - (Neoteris Setup Service) -- C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe (Juniper Networks)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110623.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110623.002\NAVENG.SYS (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WPS) -- C:\Windows\System32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (SysPlant) -- C:\windows\SYSTEM32\Drivers\SysPlant.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\Windows\System32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (WebDriveFSD) -- C:\Program Files\WebDrive\wdfsd.sys ()
DRV - (WpsHelper) -- C:\Windows\System32\drivers\wpshelper.sys (Symantec Corporation)
DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (DIGITECH) -- C:\windows\system32\DRIVERS\DIGITECH.sys (Copyright© Digitech Systems)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Impcd) -- C:\windows\system32\DRIVERS\Impcd.sys (Intel Corporation)
DRV - (rimspci) -- C:\windows\system32\DRIVERS\rimspe86.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (risdpcie) -- C:\windows\system32\DRIVERS\risdpe86.sys (REDC)
DRV - (rimsptsk) -- C:\windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rixdpcie) -- C:\windows\system32\DRIVERS\rixdpe86.sys (REDC)
DRV - (rismxdp) -- C:\windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (HECI) Intel® -- C:\windows\system32\DRIVERS\HECI.sys (Intel Corporation)
DRV - (Acceler) -- C:\windows\system32\DRIVERS\Accelern.sys (ST Microelectronics)
DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (guardian2) -- C:\Windows\System32\drivers\oz776.sys (O2Micro)
DRV - (tcm) -- C:\windows\system32\DRIVERS\tcm.sys ()
DRV - (AKSIFDH) -- C:\Windows\System32\drivers\aksifdh.sys (Aladdin Knowledge Systems, Ltd.)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)
DRV - (tiumfwl) -- C:\windows\system32\drivers\tiumfwl.sys (Texas Instruments Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-725345543-2052111302-527237240-240349\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://unet.unisys.com
IE - HKU\S-1-5-21-725345543-2052111302-527237240-240349\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://unet.unisys.com
IE - HKU\S-1-5-21-725345543-2052111302-527237240-240349\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-725345543-2052111302-527237240-240349\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/22 07:39:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/22 07:48:21 | 000,000,000 | ---D | M]

[2010/12/21 23:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jorgenpr\AppData\Roaming\mozilla\Extensions
[2011/06/22 19:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jorgenpr\AppData\Roaming\mozilla\Firefox\Profiles\j8g1bzh5.default\extensions
[2011/03/17 11:34:16 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Users\jorgenpr\AppData\Roaming\mozilla\Firefox\Profiles\j8g1bzh5.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011/06/22 19:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/22 07:48:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/03/18 11:33:21 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/03/18 11:33:22 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/06/22 23:17:37 | 000,000,151 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 129.225.216.2 usaccess3.spt.unisys.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DIRECT!] C:\Program Files\Courion Corporation\DIRECT! CP\direct.exe (Courion Corporation)
O4 - HKLM..\Run: [eTMonitor] C:\Program Files\Aladdin\eToken\PKIClient\x32\PKIMonitor.exe (Aladdin Knowledge Systems, Ltd.)
O4 - HKLM..\Run: [UCLaunch] C:\Program Files\Unisys\UCLaunch\UCLaunch.exe (Unisys Corporation)
O4 - HKU\S-1-5-21-725345543-2052111302-527237240-240349..\Run: [WebDriveTray] C:\Program Files\WebDrive\webdrive.exe (South River Technologies, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O15 - HKLM\..Trusted Domains: gotrain.net ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: scholars.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: smartforce.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: unisys.com ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: unisys.com ([*.spt] https in Trusted sites)
O15 - HKLM\..Trusted Domains: unisys.com ([certificates] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: unisys.com ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: unisys.com ([certificates] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: unisys.com ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: unisys.com ([certificates] https in Trusted sites)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: elementk.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: gotrain.net ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: scholars.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: skillsoft.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: smartforce.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: unisys.com ([]* in Local intranet)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: unisys.com ([*.spt] https in Trusted sites)
O15 - HKU\S-1-5-21-725345543-2052111302-527237240-240349\..Trusted Domains: unisys.com ([certificates] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://usaccess3.spt.unisys.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.224.192.75 129.224.72.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.uis.unisys.com
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4dbac477-0d4c-11e0-a1a6-002170b4b050}\Shell - "" = AutoRun
O33 - MountPoints2\{4dbac477-0d4c-11e0-a1a6-002170b4b050}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 03:52:11 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{6F73D9AC-CD76-42E8-92AC-A778B15FCD39}
[2011/06/22 15:51:33 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{9B55119C-90BF-4BA6-963A-91BFAC806F9C}
[2011/06/22 08:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/22 07:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/06/22 07:50:50 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/06/22 07:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/22 07:48:21 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2011/06/22 07:48:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011/06/22 07:48:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011/06/22 07:48:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2011/06/22 07:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/22 07:40:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/22 07:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/06/22 07:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/06/22 07:39:38 | 000,000,000 | ---D | C] -- C:\windows\System32\appmgmt
[2011/06/22 07:39:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/21 21:01:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011/06/21 21:01:18 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2011/06/21 21:01:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2011/06/21 21:01:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011/06/21 15:50:53 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{DEBCC7DE-4193-437A-BADB-6A5249EB5044}
[2011/06/21 15:46:02 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/06/21 15:46:02 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\temp
[2011/06/21 15:32:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/06/21 15:32:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/06/21 15:32:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/06/21 15:31:16 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/06/21 15:25:13 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/06/21 15:24:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/21 13:33:44 | 004,133,221 | R--- | C] (Swearware) -- C:\Users\jorgenpr\Desktop\ComboFix.exe
[2011/06/16 08:54:06 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\Desktop\malware
[2011/06/16 05:21:04 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{B4CF2623-2804-46B6-8C0D-6A879E0C2E19}
[2011/06/15 17:20:40 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{ABFBED5F-2095-44A9-B9DB-9D2F5CB51D85}
[2011/06/15 12:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcender
[2011/06/15 12:23:14 | 002,155,096 | ---- | C] (Exam Solutions) -- C:\windows\System32\QDMEAXRT.ocx
[2011/06/15 12:23:14 | 000,659,456 | ---- | C] (Kaplan IT) -- C:\windows\System32\KUserService.dll
[2011/06/15 12:23:14 | 000,495,616 | ---- | C] (Kaplan IT) -- C:\windows\System32\KDataService.dll
[2011/06/15 12:23:14 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\TabCtl32.ocx
[2011/06/15 12:23:14 | 000,193,784 | ---- | C] (Mabry Software, Inc.) -- C:\windows\System32\HttpX.dll
[2011/06/15 12:23:14 | 000,172,032 | ---- | C] (Kaplan IT) -- C:\windows\System32\KBusinessService.dll
[2011/06/15 12:23:14 | 000,144,640 | ---- | C] (Mabry Software, Inc.) -- C:\windows\System32\HttpX.ocx
[2011/06/15 12:23:14 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSMapi32.ocx
[2011/06/15 12:23:14 | 000,057,344 | ---- | C] (Kaplan IT) -- C:\windows\System32\KWebFarm.dll
[2011/06/15 12:23:14 | 000,045,056 | ---- | C] (Kaplan IT) -- C:\windows\System32\KCommon.dll
[2011/06/15 12:23:14 | 000,032,768 | ---- | C] (Self Test Software) -- C:\windows\System32\webCryption.dll
[2011/06/15 12:23:14 | 000,024,576 | ---- | C] (Kaplan IT) -- C:\windows\System32\IKUserInterface.dll
[2011/06/15 12:23:14 | 000,024,576 | ---- | C] (Kaplan IT) -- C:\windows\System32\IKDataInterface.dll
[2011/06/15 12:23:14 | 000,020,480 | ---- | C] (Kaplan IT) -- C:\windows\System32\IKLiveInterface.dll
[2011/06/15 12:23:14 | 000,020,480 | ---- | C] (Kaplan IT) -- C:\windows\System32\IKCryptionInterface.dll
[2011/06/15 12:23:14 | 000,020,480 | ---- | C] (Kaplan IT) -- C:\windows\System32\IKBusinessInterface.dll
[2011/06/15 12:23:13 | 003,979,680 | ---- | C] (Adobe Systems, Inc.) -- C:\windows\System32\Flash.ocx
[2011/06/15 12:23:13 | 001,351,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Comctl32.ocx
[2011/06/15 12:23:13 | 001,191,016 | ---- | C] (Pallas, Inc., A Dev Group of Exam Solutions, Inc.) -- C:\windows\System32\ESPICaseStudyLibrary.ocx
[2011/06/15 12:23:13 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\temp.002
[2011/06/15 12:23:13 | 000,286,773 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\temp.004
[2011/06/15 12:23:13 | 000,151,601 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\temp.003
[2011/06/15 12:23:13 | 000,099,576 | ---- | C] (Mabry Software, Inc.) -- C:\windows\System32\MabryObj.dll
[2011/06/15 12:23:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\temp.001
[2011/06/15 12:23:13 | 000,036,864 | ---- | C] (Self Test Software) -- C:\windows\System32\MouseWheelTrap.ocx
[2011/06/15 12:23:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3a.dll
[2011/06/15 12:23:12 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\temp.000
[2011/06/15 12:23:11 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbar332.dll
[2011/06/15 12:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Transcender
[2011/06/15 05:20:17 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{5EF8C751-3BF8-4A4A-BFD4-D50537FF8DA2}
[2011/06/14 20:11:55 | 000,607,310 | R--- | C] (Swearware) -- C:\Users\jorgenpr\Desktop\dds.scr
[2011/06/14 17:19:53 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{0B804A68-5F1B-4657-8E6A-25CF93F69A07}
[2011/06/14 05:19:30 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{19A11BBD-CF22-4404-9897-DBAD7A33D0CD}
[2011/06/13 05:18:27 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{5DAFF123-7C9A-484A-B100-1F7488D1325B}
[2011/06/12 21:15:58 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/06/12 21:15:58 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/06/12 21:15:58 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/06/12 21:15:58 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/06/12 21:15:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/06/12 21:15:57 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/06/12 21:15:57 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/06/12 21:15:57 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/06/12 21:15:57 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/06/12 21:15:57 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/06/12 21:15:57 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/06/12 21:15:57 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/06/12 21:15:57 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/06/12 21:15:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/06/12 21:15:57 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/06/12 21:15:57 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/06/12 21:15:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/06/12 21:15:57 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/06/12 21:15:57 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/06/12 21:15:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/06/12 21:15:57 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/06/12 21:15:57 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/06/12 21:15:57 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/06/12 21:15:57 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/06/12 21:15:57 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/06/12 21:15:57 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/06/12 21:15:57 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/06/12 21:15:57 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/06/12 21:15:57 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/06/12 21:15:57 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/06/12 21:15:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/06/12 21:15:57 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/06/12 21:15:57 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/06/12 21:15:57 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/06/12 21:15:57 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/06/12 21:15:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2011/06/12 21:15:17 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2011/06/12 21:15:17 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2011/06/12 21:15:17 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2011/06/12 21:15:17 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/06/12 21:15:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/06/12 21:15:17 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\dxgmms1.sys
[2011/06/12 21:15:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/06/12 21:15:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/06/12 21:15:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2011/06/12 21:15:17 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\cdd.dll
[2011/06/12 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{7DAF9485-9134-45FC-AD3D-69CC49E0CFAC}
[2011/06/12 05:17:26 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{46781E76-0DE6-4556-A1F2-6E97959BBE23}
[2011/06/11 17:17:15 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{C6A07278-3CCB-4BF7-8BC6-E4991CDDC164}
[2011/06/11 05:16:51 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{74B3F8B3-3E8F-4110-8138-5BD6B7653D16}
[2011/06/10 17:16:27 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{8FAE47E4-5811-48BC-A702-F195B7DF7405}
[2011/06/10 05:16:16 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{6835B4AB-A0E0-4F3C-91D2-316BF3938BEA}
[2011/06/09 17:15:52 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{DF3489B1-4C0A-4417-9289-323B96D63EE6}
[2011/06/09 05:15:29 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{A1F5F447-2F0A-4AD6-AAF3-4CE2CB27B0D3}
[2011/06/08 17:15:05 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{7B9929B6-0D8A-46FD-B0E2-ACA789C95530}
[2011/06/08 05:14:42 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{63A0F694-0F9C-4E0E-B406-FC00FCA63CCA}
[2011/06/07 17:14:18 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{C1662F14-D012-4B0A-947A-97529534237A}
[2011/06/07 05:13:55 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{D3BB7AC2-AC82-4D75-8ECF-DA0DBBF13A10}
[2011/06/06 17:13:44 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{84CC8108-F089-4629-AE16-208C2E80F139}
[2011/06/06 13:51:38 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\Desktop\ITSM_Querytool_Data_Extract
[2011/06/06 05:13:20 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{DF27BE2C-4CC9-4618-9F94-5EFFD2AD2456}
[2011/06/05 17:12:56 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{7C4E480E-CA1B-4562-A84E-F3E774CAE905}
[2011/06/05 05:12:32 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{6C476702-AC5B-4F4A-B8F2-953099EF1C33}
[2011/06/04 17:12:09 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{C4F5B4AF-F603-49F0-9AAB-5DC1046C61E8}
[2011/06/04 05:11:58 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{B5245C37-FE1F-41C2-A582-C82C32DC5212}
[2011/06/03 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{BE32A7D7-83D2-43A7-A26A-16EAE9209E43}
[2011/06/03 05:11:11 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{BBA6DDAD-2424-44FA-B545-29B254CA7D4D}
[2011/06/02 17:10:34 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{276BDB47-C19B-4BD5-A9F0-9198CD09ABDE}
[2011/06/02 05:10:10 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{B24FFD70-E176-4987-9704-7E9431B81C6E}
[2011/06/01 17:09:59 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{8B6D1713-F5DA-4620-B450-DEB3A640EB09}
[2011/06/01 05:09:36 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{50F92360-CB03-4699-8FD6-3DF9AE7D9616}
[2011/05/31 17:09:12 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{E34406EB-3EB2-4DF3-A2AD-C46422FA04DB}
[2011/05/31 14:19:43 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\Desktop\ProcessExplorer
[2011/05/31 13:36:12 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Roaming\Malwarebytes
[2011/05/31 13:36:08 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/31 13:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/31 13:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/31 13:36:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/31 13:36:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/31 09:22:39 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\Symantec
[2011/05/31 09:22:29 | 000,167,936 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\wpshelper.sys
[2011/05/31 09:21:26 | 000,097,096 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SysPlant.sys
[2011/05/31 09:21:18 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011/05/31 09:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2011/05/31 09:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/31 05:08:36 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{3E184BEB-648C-4A14-A1A7-D37657074D4B}
[2011/05/30 17:08:25 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{D732C5F9-34DA-4DFD-9313-BBE574246AC9}
[2011/05/30 05:08:14 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{B6EEF203-A847-4603-89B9-AE5287754E2E}
[2011/05/29 17:08:02 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{41BCD646-AADA-4AF9-B81B-D8AF32E167BA}
[2011/05/29 05:07:38 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{FEBD5B45-61DC-435B-844B-5098BBF4C301}
[2011/05/28 17:07:15 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{1EF2D3B3-C8D6-498C-9D07-B52934BADF1C}
[2011/05/28 05:06:51 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{7FA7A547-392B-4CD6-94EF-3CAD8B819DC6}
[2011/05/27 17:06:27 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{17AAA030-17DB-4D83-851C-33707E83188B}
[2011/05/27 05:06:03 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{6E4A9468-C381-4677-8270-B4051C68608C}
[2011/05/26 17:05:39 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{87D427D5-3B81-4101-84C4-4409E7FD149C}
[2011/05/26 13:46:40 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\Documents\My Business Objects Documents
[2011/05/26 13:46:40 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Roaming\Business Objects
[2011/05/26 13:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\NotesSQL
[2011/05/26 05:05:15 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{C63FCCA4-0F73-4CA2-98D4-B06A8184B487}
[2011/05/25 17:04:52 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{5D688DE3-111C-4969-891D-035D28B8C123}
[2011/05/25 05:04:41 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{7FC055D7-CBF7-4230-93FB-49533E0FBD92}
[2011/05/24 17:04:18 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{F01759CF-FDFF-44FD-BA46-66D561D1CC8C}
[2010/04/11 13:06:38 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/06/23 14:53:44 | 2629,944,320 | ---- | M] () -- C:\Users\jorgenpr\Documents\2009 Personal Folders.pst
[2011/06/23 14:53:44 | 2467,415,040 | ---- | M] () -- C:\Users\jorgenpr\Documents\2007 Personal Folders.pst
[2011/06/23 14:53:44 | 1323,869,184 | ---- | M] () -- C:\Users\jorgenpr\Documents\2008 Personal Folders.pst
[2011/06/23 14:53:44 | 1115,120,640 | ---- | M] () -- C:\Users\jorgenpr\Documents\2011 Personal Folders.pst
[2011/06/22 23:32:47 | 000,012,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 23:32:47 | 000,012,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/22 23:27:34 | 000,624,090 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/06/22 23:27:34 | 000,106,664 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/06/22 23:27:34 | 000,000,462 | ---- | M] () -- C:\windows\SMSCFG.ini
[2011/06/22 23:17:37 | 000,000,151 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/06/22 23:15:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/06/22 23:15:41 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/22 23:00:07 | 000,000,950 | ---- | M] () -- C:\Users\jorgenpr\Desktop\Microsoft - ITSM - Strip domain from alias fields.sql
[2011/06/22 22:58:42 | 000,002,006 | -H-- | M] () -- C:\Users\jorgenpr\Documents\Default.rdp
[2011/06/22 07:59:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011/06/22 07:50:50 | 000,002,979 | ---- | M] () -- C:\Users\jorgenpr\Desktop\HiJackThis.lnk
[2011/06/22 07:41:06 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/21 20:46:35 | 000,052,160 | ---- | M] () -- C:\Users\jorgenpr\Desktop\alert.jpg
[2011/06/21 15:22:45 | 000,001,033 | ---- | M] () -- C:\Users\jorgenpr\Desktop\l2 tickets by company.sql
[2011/06/21 15:22:16 | 000,001,598 | ---- | M] () -- C:\Users\jorgenpr\Desktop\l2 report daily query.sql
[2011/06/21 13:33:58 | 004,133,221 | R--- | M] (Swearware) -- C:\Users\jorgenpr\Desktop\ComboFix.exe
[2011/06/16 08:57:19 | 000,001,061 | ---- | M] () -- C:\Users\jorgenpr\Desktop\CSIIP - Reporting Output.sql
[2011/06/16 08:57:16 | 000,002,636 | ---- | M] () -- C:\Users\jorgenpr\Desktop\Global Field CSAT Query.sql
[2011/06/15 12:23:29 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Transcender .lnk
[2011/06/14 20:11:59 | 000,607,310 | R--- | M] (Swearware) -- C:\Users\jorgenpr\Desktop\dds.scr
[2011/06/13 19:30:50 | 000,321,387 | ---- | M] () -- C:\AVScript36.js
[2011/06/13 19:30:50 | 000,000,082 | ---- | M] () -- C:\AVScript.wsf
[2011/06/13 19:21:20 | 000,001,683 | ---- | M] () -- C:\Users\jorgenpr\Desktop\L2 report query.sql
[2011/06/12 21:22:16 | 000,001,417 | ---- | M] () -- C:\Users\jorgenpr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/12 21:19:09 | 000,000,163 | ---- | M] () -- C:\Users\jorgenpr\Desktop\agent metrics fix company name.sql
[2011/06/12 21:15:58 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll
[2011/06/12 21:15:58 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msls31.dll
[2011/06/12 21:15:58 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2011/06/12 21:15:58 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011/06/12 21:15:58 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2011/06/12 21:15:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2011/06/12 21:15:57 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dat
[2011/06/12 21:15:57 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2011/06/12 21:15:57 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011/06/12 21:15:57 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll
[2011/06/12 21:15:57 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/06/12 21:15:57 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\html.iec
[2011/06/12 21:15:57 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtmsft.dll
[2011/06/12 21:15:57 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2011/06/12 21:15:57 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011/06/12 21:15:57 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieaksie.dll
[2011/06/12 21:15:57 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dxtrans.dll
[2011/06/12 21:15:57 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakui.dll
[2011/06/12 21:15:57 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\wextract.exe
[2011/06/12 21:15:57 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iexpress.exe
[2011/06/12 21:15:57 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2011/06/12 21:15:57 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieakeng.dll
[2011/06/12 21:15:57 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2011/06/12 21:15:57 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\IEAdvpack.dll
[2011/06/12 21:15:57 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\admparse.dll
[2011/06/12 21:15:57 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2011/06/12 21:15:57 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inseng.dll
[2011/06/12 21:15:57 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\SetIEInstalledDate.exe
[2011/06/12 21:15:57 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2011/06/12 21:15:57 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2011/06/12 21:15:57 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2011/06/12 21:15:57 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\pngfilt.dll
[2011/06/12 21:15:57 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtmler.dll
[2011/06/12 21:15:57 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\imgutil.dll
[2011/06/12 21:15:57 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2011/06/12 21:15:57 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2011/06/12 21:15:17 | 001,495,040 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ExplorerFrame.dll
[2011/06/12 21:15:17 | 001,170,944 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll
[2011/06/12 21:15:17 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2011/06/12 21:15:17 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll
[2011/06/12 21:15:17 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsPrint.dll
[2011/06/12 21:15:17 | 000,283,648 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsGdiConverter.dll
[2011/06/12 21:15:17 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\drivers\dxgmms1.sys
[2011/06/12 21:15:17 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1core.dll
[2011/06/12 21:15:17 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\d3d10_1.dll
[2011/06/12 21:15:17 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\XpsRasterService.dll
[2011/06/12 21:15:17 | 000,107,520 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\cdd.dll
[2011/06/07 16:20:15 | 000,000,608 | ---- | M] () -- C:\Users\jorgenpr\Desktop\Cognos by client and month.sql
[2011/06/02 07:25:36 | 000,342,685 | ---- | M] () -- C:\Users\jorgenpr\Documents\TASC SLADetail_0601.zip
[2011/05/31 13:36:08 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 12:59:13 | 000,000,000 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\i8jmoizj5.exe
[2011/05/31 12:42:28 | 000,000,000 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\sgsil3ut.exe
[2011/05/31 12:40:00 | 000,000,000 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\Wrafafo.bin
[2011/05/31 12:39:59 | 000,000,120 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\Nfimeyojomuce.dat
[2011/05/31 12:38:44 | 000,000,152 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\kcqkdnui.bat
[2011/05/31 09:21:24 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2011/05/31 09:21:24 | 000,007,456 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011/05/31 09:21:24 | 000,000,806 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011/05/31 09:13:11 | 000,426,216 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/05/27 10:52:00 | 007,807,161 | ---- | M] () -- C:\Users\jorgenpr\dfas_asset_exports.zip
[2011/05/26 13:25:50 | 000,000,495 | ---- | M] () -- C:\windows\ODBC.INI
[2011/05/26 13:25:20 | 000,017,486 | ---- | M] () -- C:\windows\System32\drivers\etc\services

========== Files Created - No Company Name ==========

[2011/06/22 07:50:50 | 000,002,979 | ---- | C] () -- C:\Users\jorgenpr\Desktop\HiJackThis.lnk
[2011/06/22 07:41:06 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/22 07:41:06 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/21 20:46:35 | 000,052,160 | ---- | C] () -- C:\Users\jorgenpr\Desktop\alert.jpg
[2011/06/21 15:32:02 | 000,256,512 | ---- | C] () -- C:\windows\PEV.exe
[2011/06/21 15:32:02 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/06/21 15:32:02 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/06/21 15:32:02 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/06/21 15:32:02 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/06/21 15:22:39 | 000,001,033 | ---- | C] () -- C:\Users\jorgenpr\Desktop\l2 tickets by company.sql
[2011/06/15 12:23:29 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\Transcender .lnk
[2011/06/15 12:23:13 | 000,000,037 | ---- | C] () -- C:\windows\System32\nett12.dll
[2011/06/13 19:30:50 | 000,321,387 | ---- | C] () -- C:\AVScript36.js
[2011/06/13 19:30:50 | 000,000,082 | ---- | C] () -- C:\AVScript.wsf
[2011/06/13 19:29:50 | 000,001,598 | ---- | C] () -- C:\Users\jorgenpr\Desktop\l2 report daily query.sql
[2011/06/12 21:19:09 | 000,000,163 | ---- | C] () -- C:\Users\jorgenpr\Desktop\agent metrics fix company name.sql
[2011/06/12 21:17:35 | 000,001,683 | ---- | C] () -- C:\Users\jorgenpr\Desktop\L2 report query.sql
[2011/06/12 21:15:57 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2011/06/10 17:35:14 | 000,000,950 | ---- | C] () -- C:\Users\jorgenpr\Desktop\Microsoft - ITSM - Strip domain from alias fields.sql
[2011/06/07 16:20:15 | 000,000,608 | ---- | C] () -- C:\Users\jorgenpr\Desktop\Cognos by client and month.sql
[2011/06/02 11:03:08 | 000,342,685 | ---- | C] () -- C:\Users\jorgenpr\Documents\TASC SLADetail_0601.zip
[2011/05/31 13:36:08 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/31 12:59:13 | 000,000,000 | ---- | C] () -- C:\Users\jorgenpr\AppData\Local\i8jmoizj5.exe
[2011/05/31 12:42:28 | 000,000,000 | ---- | C] () -- C:\Users\jorgenpr\AppData\Local\sgsil3ut.exe
[2011/05/31 12:40:00 | 000,000,000 | ---- | C] () -- C:\Users\jorgenpr\AppData\Local\Wrafafo.bin
[2011/05/31 12:39:59 | 000,000,120 | ---- | C] () -- C:\Users\jorgenpr\AppData\Local\Nfimeyojomuce.dat
[2011/05/31 12:38:44 | 000,000,152 | ---- | C] () -- C:\Users\jorgenpr\AppData\Local\kcqkdnui.bat
[2011/05/31 09:21:18 | 000,007,456 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2011/05/31 09:21:18 | 000,000,806 | ---- | C] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2011/05/27 10:52:00 | 007,807,161 | ---- | C] () -- C:\Users\jorgenpr\dfas_asset_exports.zip
[2010/12/22 08:51:24 | 000,004,764 | ---- | C] () -- C:\windows\System32\CcmFramework.ini
[2010/12/21 23:43:18 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/12/21 17:04:50 | 000,000,495 | ---- | C] () -- C:\windows\ODBC.INI
[2010/12/21 16:28:11 | 000,036,939 | ---- | C] () -- C:\windows\System32\insrepim.exe
[2010/04/11 16:04:13 | 000,000,462 | ---- | C] () -- C:\windows\SMSCFG.ini
[2010/04/11 13:07:43 | 000,036,275 | ---- | C] () -- C:\windows\System32\drivers\tiumfw.bin
[2010/04/11 13:07:43 | 000,012,952 | ---- | C] () -- C:\windows\System32\drivers\tcm.sys
[2010/04/11 13:06:40 | 000,982,224 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2010/04/11 13:06:40 | 000,208,896 | ---- | C] () -- C:\windows\System32\iglhsip32.dll
[2010/04/11 13:06:40 | 000,143,360 | ---- | C] () -- C:\windows\System32\iglhcp32.dll
[2010/04/11 13:06:38 | 000,092,292 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2010/04/11 13:06:37 | 000,439,336 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2010/04/11 13:06:36 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
[2009/09/17 14:28:14 | 000,025,226 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/16 08:40:40 | 000,000,051 | ---- | C] () -- C:\windows\smsts.ini
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:33:53 | 000,426,216 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,624,090 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,106,664 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 18:19:49 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/08/16 16:17:50 | 000,143,360 | ---- | C] () -- C:\windows\System32\nsldap32v50.dll
[2002/02/27 11:41:28 | 000,024,576 | ---- | C] () -- C:\windows\System32\nsldappr32v50.dll
[2002/02/27 11:41:26 | 000,040,960 | ---- | C] () -- C:\windows\System32\nsldapssl32v50.dll

< End of report >

#18 gringo_pr

  • Bleepin Gringo
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2011 - 09:41 AM

Hello

I want you to run this custom OTL script for me and then let me know how things are after you finish.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O33 - MountPoints2\{4dbac477-0d4c-11e0-a1a6-002170b4b050}\Shell - "" = AutoRun
    O33 - MountPoints2\{4dbac477-0d4c-11e0-a1a6-002170b4b050}\Shell\AutoRun\command - "" = E:\autorun.exe
    [2011/05/31 12:59:13 | 000,000,000 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\i8jmoizj5.exe
    [2011/05/31 12:42:28 | 000,000,000 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\sgsil3ut.exe
    [2011/05/31 12:40:00 | 000,000,000 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\Wrafafo.bin
    [2011/05/31 12:39:59 | 000,000,120 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\Nfimeyojomuce.dat
    [2011/05/31 12:38:44 | 000,000,152 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\kcqkdnui.bat
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY] 
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS] 
    

  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.
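The five AppData\Local entries in the :otl block above are exactly the kind of leftover a helper hunts for in an OTL file list. As an added example (not OTL's own code and not anything posted in this thread), the Python below parses OTL's `[date time | size | attrs | C/M] (company) -- path` lines, flags entries with two assumed heuristics, and lays the hits out in the same :otl/:Commands layout as the script above; the sample lines are copied from the log earlier in the thread.

```python
"""Triage OTL file-list lines the way a helper reads them.

Added example: not OTL's own code and not posted by anyone in this thread.
The two heuristics are assumptions chosen to match the entries the fix
script above targets; the sample lines are copied from this thread's log."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One OTL file entry: [date time | size | attrs | C|M] (company) -- path
# Directory entries carry ---D in attrs and have no (company) group at all.
_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- "
    r"(?P<path>.+)$"
)
PROGRAM_EXTS = {"exe", "dll", "sys", "bat", "cmd", "scr", "com", "pif"}

@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    kind: str        # C = created, M = modified
    company: str     # empty when OTL printed () or ( )
    path: str
    raw: str         # original line, reused verbatim in an :otl fix

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def ext(self) -> str:
        return self.name.rsplit(".", 1)[-1].lower() if "." in self.name else ""

@dataclass
class Finding:
    entry: Entry
    reasons: List[str]

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, None for headers and other output."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["kind"],
                 (m["company"] or "").strip(), m["path"], line.strip())

def reasons(e: Entry) -> List[str]:
    """Assumed heuristics; an empty list means nothing to flag."""
    out: List[str] = []
    if e.is_dir:
        return out
    # Legitimate software keeps its files in a vendor subfolder; a file with no
    # company name dropped straight into the AppData root is a dropper's habit.
    if not e.company and e.parent.endswith(("\\appdata\\local", "\\appdata\\roaming")):
        out.append("loose file with no company name in AppData root")
    # A zero-byte program file is a stub or a not-yet-removed leftover.
    if e.ext in PROGRAM_EXTS and e.size == 0:
        out.append("zero-byte program file")
    return out

def triage(lines: List[str]) -> List[Finding]:
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is not None and (why := reasons(e)):
            findings.append(Finding(e, why))
    return findings

def otl_fix_section(findings: List[Finding]) -> str:
    """Lay flagged entries out like the :otl block above: OTL takes the log
    lines verbatim, followed by a :Commands block."""
    body = [":otl", *(f.entry.raw for f in findings), ":Commands", "[EMPTYTEMP]"]
    return "\n".join(body)

# Constructed sample: a handful of lines copied from the thread's OTL log.
SAMPLE_LOG = r"""
[2011/06/22 23:17:37 | 000,000,151 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/06/21 13:33:58 | 004,133,221 | R--- | M] (Swearware) -- C:\Users\jorgenpr\Desktop\ComboFix.exe
[2011/06/12 21:15:57 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2011/06/12 17:17:49 | 000,000,000 | ---D | C] -- C:\Users\jorgenpr\AppData\Local\{7DAF9485-9134-45FC-AD3D-69CC49E0CFAC}
[2011/05/31 12:59:13 | 000,000,000 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\i8jmoizj5.exe
[2011/05/31 12:42:28 | 000,000,000 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\sgsil3ut.exe
[2011/05/31 12:40:00 | 000,000,000 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\Wrafafo.bin
[2011/05/31 12:39:59 | 000,000,120 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\Nfimeyojomuce.dat
[2011/05/31 12:38:44 | 000,000,152 | ---- | M] () -- C:\Users\jorgenpr\AppData\Local\kcqkdnui.bat
[2010/04/11 13:06:38 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
"""

if __name__ == "__main__":
    print(otl_fix_section(triage(SAMPLE_LOG.splitlines())))
```

Running it prints an :otl section listing only the five AppData\Local leftovers; the hosts file, the GUID directory and the Intel DLL with a blank company name all pass the heuristics untouched.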

#19 jorgenpr

  • New Member
  • Group: Members
  • Posts: 11
  • Joined: 16-June 11

Posted 29 June 2011 - 10:43 PM

Still seeing the popups, sorry I didn't paste this immediately but I wanted to give it a day and then it's been a busy few days!

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dbac477-0d4c-11e0-a1a6-002170b4b050}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dbac477-0d4c-11e0-a1a6-002170b4b050}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4dbac477-0d4c-11e0-a1a6-002170b4b050}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4dbac477-0d4c-11e0-a1a6-002170b4b050}\ not found.
File E:\autorun.exe not found.
C:\Users\jorgenpr\AppData\Local\i8jmoizj5.exe moved successfully.
C:\Users\jorgenpr\AppData\Local\sgsil3ut.exe moved successfully.
C:\Users\jorgenpr\AppData\Local\Wrafafo.bin moved successfully.
C:\Users\jorgenpr\AppData\Local\Nfimeyojomuce.dat moved successfully.
C:\Users\jorgenpr\AppData\Local\kcqkdnui.bat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jorgenpr\Downloads\cmd.bat deleted successfully.
C:\Users\jorgenpr\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jorgenpr
->Temp folder emptied: 1379645 bytes
->Temporary Internet Files folder emptied: 2395520 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85202060 bytes
->Flash cache emptied: 2745 bytes

User: Public

User: UnisysAD
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: wheelerm
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30820 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 85.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: jorgenpr
->Flash cache emptied: 0 bytes

User: Public

User: UnisysAD

User: wheelerm

Total Flash Files Cleaned = 0.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.24.1 log created on 06272011_090353

Files\Folders moved on Reboot...
C:\Users\jorgenpr\AppData\Local\Temp\ExchangePerflog_8484fa3127b03e58cfcccd43.dat moved successfully.
C:\Users\jorgenpr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\jorgenpr\AppData\Local\Temp\tmp3BA.tmp moved successfully.
C:\Users\jorgenpr\AppData\Local\Temp\tmpE5F2.tmp moved successfully.
C:\Users\jorgenpr\AppData\Local\Temp\~DFBB39E19DC4131552.TMP moved successfully.
C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{99305DC2-08F5-481C-BB65-DCB9C121458F}.tmp moved successfully.
C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1AC4F20A-9016-4D2C-8730-2AF313D43550}.tmp moved successfully.
File\Folder C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1CA7307D-7EF7-493D-8C07-63D343E5804D}.tmp not found!
C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{BF9143BB-3C7A-4531-B47C-D7B859602068}.tmp moved successfully.
File\Folder C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C70B9159-334D-4992-B50B-6BD3D4046208}.tmp not found!
C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DE271B9B-BCB5-4429-B295-E2499FD244C2}.tmp moved successfully.
C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F637B3B9-2FE6-4F06-9E84-E3ED068FA9A0}.tmp moved successfully.
File\Folder C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F9D8A0F8-CA47-4F86-97BA-DB2B3052AEF8}.tmp not found!
C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDOH3UEQ\index[1].htm moved successfully.
File\Folder C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YT3PRTF\ADSAdClient31[2].htm not found!
C:\Users\jorgenpr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3YT3PRTF\ms187745[1].htm moved successfully.

Registry entries deleted on Reboot...

#20 gringo_pr

  • Bleepin Gringo
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 29 June 2011 - 11:26 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

#21 jorgenpr (Group: Members)

Posted 29 June 2011 - 11:34 PM

Here is the log file from TDSSKiller:

2011/06/29 22:33:51.0526 5892 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 22:33:52.0000 5892 ================================================================================
2011/06/29 22:33:52.0000 5892 SystemInfo:
2011/06/29 22:33:52.0000 5892
2011/06/29 22:33:52.0001 5892 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/29 22:33:52.0001 5892 Product type: Workstation
2011/06/29 22:33:52.0001 5892 ComputerName: USSLC-JORGENPR
2011/06/29 22:33:52.0001 5892 UserName: JorgenPR
2011/06/29 22:33:52.0001 5892 Windows directory: C:\windows
2011/06/29 22:33:52.0001 5892 System windows directory: C:\windows
2011/06/29 22:33:52.0001 5892 Processor architecture: Intel x86
2011/06/29 22:33:52.0001 5892 Number of processors: 2
2011/06/29 22:33:52.0001 5892 Page size: 0x1000
2011/06/29 22:33:52.0001 5892 Boot type: Normal boot
2011/06/29 22:33:52.0001 5892 ================================================================================
2011/06/29 22:33:52.0586 5892 Initialize success
2011/06/29 22:33:58.0128 0868 ================================================================================
2011/06/29 22:33:58.0128 0868 Scan started
2011/06/29 22:33:58.0128 0868 Mode: Manual;
2011/06/29 22:33:58.0128 0868 ================================================================================
2011/06/29 22:34:17.0773 0868 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/06/29 22:34:17.0822 0868 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/29 22:34:17.0835 0868 Boot (0x1200) (64b9c3d6029fc75f15528bf7e8d63f2c) \Device\Harddisk0\DR0\Partition0
2011/06/29 22:34:17.0886 0868 Boot (0x1200) (1c2c6660c0e8334e2312a461c2c69a79) \Device\Harddisk0\DR0\Partition1
2011/06/29 22:34:17.0891 0868 ================================================================================
2011/06/29 22:34:17.0891 0868 Scan finished
2011/06/29 22:34:17.0891 0868 ================================================================================
2011/06/29 22:34:17.0900 5604 Detected object count: 0
2011/06/29 22:34:17.0900 5604 Actual detected object count: 0

#22 gringo_pr (Malware Response Team)

Posted 05 July 2011 - 02:59 AM

Please download Kaspersky Virus Removal Tool and SAVE it to your desktop

  • Right click and run as admin (xp please double click to run)
  • select lang
  • click on next
  • accept the license agreement
  • select location and click on next
  • in autoscan make sure the first three boxes are checked and the box next to the C:/ drive
  • click on start scan
  • when complete click on report
  • in the three drop down boxes choose autoscan - do not group and important events
  • click on save and save to desktop
  • copy and paste this report in your next post

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

#23 gringo_pr (Malware Response Team)

Posted 08 July 2011 - 03:48 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!


Gringo

#24 gringo_pr (Malware Response Team)

Posted 10 July 2011 - 10:59 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
